Hello everyone! (I’m hoping this is the right place to ask this.) I’m looking to replace my old iphone, but have gotten focused on privacy and security for my devices recently. I’m not very tech smart, and so far the research I’ve done into this has just left me more confused and feeling very out of my depth.
I’ve always had some concerns over the data harvesting big corps like Apple and Google do on their phones, but recently I had issues with being cyberstalked. That situation is being handled, but it’s made me extra cautious about who and how my phone data is shared around, so I’d like to feel safer/more secure with my new phone.
Considering all this, I would love to have a phone that meets as many of these criteria as possible:
true location disabler. I hate how, even with location services off, my iphone/apps on said iphone constantly know where I am. I never liked this, but post cyberstalking issues this feels way more unsafe. Would love a built in VPN type feature to pair with a location disabler, though I can get VPN from third party apps if needed.
physical kill switch for camera/mic. This is another thing that makes me uncomfortable, I don’t like the fact I can’t turn them off when not using. Have also had issues with my old ipad showing the “camera in use” green dot when it should NOT have been in use for anything. (Never found the source of that, either–maybe it was just a bug, maybe not)
good OS security against third-party threats (stalking, hacking, etc). I’ve seen phones like Fairphone and PinePhone that meet my first two criteria, but then I saw a lot of debate over whether their operating systems were actually safe. If the OS is less safe than a conventional Apple/Samsung/Google phone, I can’t really sacrifice that.
actual social media guardrails (if that exists). I have to use social media for my work and need the apps on my phone (insta, twitter, youtube) but I have never liked the blatant algorithm snooping. If I look up “summer thrift store deals” in my browser, I do NOT want to log into facebook and suddenly have a ton of thrift store ads. Get out of my search history, dam it. I’ve used DuckDuckGo browser before thinking it was safer and I STILL can’t get FB and YT out of my search history.
keeping my data private from big corps. If I have to stick with a standard Apple/Samsung/etc phone for the best third-party OS protections, I will, but I’d heavily prefer not to be feeding all my phone data directly to a big corp. I don’t like relying on them to not sell out my data for advertising, etc.
lastly, and this might be my biggest stumbling block; I do need something user friendly. I’ve seen a lot of praise for GrapheneOS for cyber security/privacy, but I’ve also seen people say that it’s not very intuitive for the average Jo. I have some very very basic tech knowledge, but if you ask me what a CPU vs a RAM is I…have no idea. I see lots of words on phone specs, but I haven’t the faintest clue what they really mean.
Alright, sorry this is already a long post. My main question is: based on my above threat model, what would be the best smartphone option(s) for me?
Can I use something like Fairphone without sacrificing major OS security? Should I get a Google Pixel and try to learn GrapheneOS? Or do I just suck it up and deal with a standard Apple/Samsung/etc phone for the third-party hacker/stalker protections?
Yes, you can generally use virtually any non-EOL (end of life) phone from a reputable manufacturer without substantially sacrificing your security, including the Fairphone.
However, it will come with deep, privacy-invasive integrations with Google Play that cannot be removed without sacrificing your security. Attempting to solve these privacy problems on Fairphone, Samsung, or most other Android devices will substantially decrease your security.
This is the reason we recommend the Google Pixel with GrapheneOS: because it is currently the only way to use Android securely on consumer hardware without having Google Play Services.
No not really.
One of the few methods is possible to use.
USB Debugging to uninstall the google services in general, then completely disable developer options after the fact. Do be warned: Do Not uninstall critical apps or ones that look critical to this device using the method, and for security reasons, Have it off when you’re done, period. More importantly if that device gets factory reset, they do reinstall.
Disable them, This doesn’t require ADB or USB Debugging and should have similar functionality and remains security in tact like above but when you disable it after the fact and should be safer.
USB Debugging does reduce security yes, but since you’re using it temporarily and you’re turning it off after the fact, it is fine (and not just USB Debugging, also developer options should be off after the fact) and you should once you know you’re done
As for the rest, I will argue that using GrapheneOS would be far easier than something like Linux or whatever you may be thinking of.
It seems your threat model is high enough I don’t see dismissing this option being very justifiable on this.
And I just saw the camera and video thing, if I may I suggest NitroPhone:
They have the option to remove all the Sensors, camera and microphone.
But this is a permanent thing, not a kill switch, I doubt fairphone has a kill switch anywho though.
They also pre-install GrapheneOS for you.
Thank you both! It sounds like GrapheneOS really is going to be my best option for security and privacy combo.
As a follow up question, would it be worth the extra money to get a phone with GrapheneOS already loaded? (I admit the price gives me a bit of sticker shock) Or is installation simple enough I should be able to diy it without totally effing it up?
If you did want them to professionally remove the microphone/sensors maybe it’s worth it (still very pricey though), but if you’re simply going to install GrapheneOS then you can certainly DIY it.
Having the microphone removed isn’t completely valueless, and you’d still be able to make calls by simply plugging in a USB-C headset/earbuds as needed, which acts as a physical kill switch of course. Most people will just rely on the software microphone/sensor toggles in the Android control panel and call it good enough though. The risk is next to 0 and thus probably not worth an extra $600 + inconvenience, unless money is no object at all.
Good to know! The physical kill switch would be nice, but considering the goal is to have a not hacked phone to begin with, mic and camera shouldn’t be a problem if the phone stays un-hacked.
I’d very much like to go as cheap as I can, I’m just daunted by tackling the diy version. I did read through the installation instructions, and I feel like I only understood about half of it. Perhaps it makes more sense if you’re actively doing it with the phone in hand though.
It should, because once you enable OEM unlocking, boot into the bootloader interface, and connect your phone with a USB cable then all you really have to do is click 4 buttons on that page in order.
I would recommend GrapheneOS too. This may not be the panacea but this is the closest OS we have to it. By default, it has zero outgoing connections except to GrapheneOS servers.
If you disable location, WiFi, Bluetooth, Network location and enable airplane mode and use VPN, your real location is not leaked.
There is no physical kill switch but I trust enough the permission system and the software based general kill switches.
About social medias, what I would do would be to use them in a browser that has content filtering (Vanadium for instance, or TOR, Ironfox, Brave, …) and/or use DNS filtering or better, a VPN with DNS block lists (IVPN Antitracker, Proton Netshield, …).
GrapheneOS is user friendly. Don’t worry for the installation process, it’s very easy. You mainly just need to unlock your bootloader, download GrapheneOS, flash it on your device, relock the bootloader.
I am wondering, as I have just ruined the Pixel back cover by applying too much isopropyl alcohol frequently: Can GrapheneOS even work with a removed/disabled camera and/or microphone?
I don’t know the experiences with people on that but if Nitrokey can confidently remove the microphone and/or camera and sensors on it then I’m sure it works, you just won’t be able to take photos as expected. Don’t quote me on that I would ensure to ask other people on that which I wish I knew, I’m just going based off that.
as for the Microphone, I love @jonah’s suggestion here which is after you remove it, you can use something like a USB-C Headphone which you can then unplug as like a physical kill switch of that which is something I didn’t think of at the time so appreciated for bringing it up.
Perhaps it makes more sense if you’re actively doing it with the phone in hand though.